SlideShare ist ein Scribd-Unternehmen logo

Insa cyber intelligence_2011-1

T
TechBiz Forense Digital

O National Security Alliance’s (InSA) Cyber Council, organização norte-americana de inteligência e segurança, publica o primeiro de vários relatórios destinados a ampliar a visão dos tomadores de decisão da indústria e do governo sobre a importância do desenvolvimento de uma “inteligência cibernética”.

BusinessTechnologie
1 von 20
Downloaden Sie, um offline zu lesen
...setting the landscape for an emerging discipline... INTELLIGENCE AND NATIONAL SECURITY ALLIANCE CYBER INTELLIGENCE: SETTING THE LANDSCAPE FOR AN EMERGING DISCIPLINE SEPTEMBER 2011
ACKNOWLEDGEMENTS INSA CHAIRWOMAN Frances Fragos Townsend INSA STAFF Ellen McCarthy, INSA President Chuck Alsup, INSA Vice President for Policy Jay Fox, INSA Senior Research Intern CYBER INTELLIGENCE TASK FORCE EDITING TEAM Terry Roberts, Executive Director, Interagency & Cyber, CMU/SEI Bill Studeman, Independent Consultant CYBER INTELLIGENCE TASK FORCE WRITING TEAM Barbara Fast, Vice President, CGI Michael Johnson, Senior Scientist/Computer Security Researcher, Sandia National Laboratories Dick Schaeffer, Riverbank Associates, LLC EDITORIAL REVIEW Joseph M. Mazzafro, Oracle National Security Group INSA SUPPORTS A HEALTHY PLANET INSA White Papers are printed on recycled paper that is 50% recycled content including 25% post consumer waste.
EXECUTIVE SUMMARY E volving information systems technology has turned the cyber arena into a multi-dimensional attack space that extends the conventional landscape to a virtual domain where key economic and national security assets are exposed to significant threats. Individual, commercial, national, and international activities interact in this domain, increasing the space for offensive and defensive operations. Cyberspace is a haven for a broad range of disruptive operations, including reconnaissance, theft, sabotage, and espionage. It serves as an environment that allows threats to target hardware, software, financial assets, intellectual property, and individual identities. This paper is the first in a series developed by the Intelligence This paper assesses the cyber threat dynamic, economic and National Security Alliance’s (INSA) Cyber Council. It costs of cyber attacks and security, as well as the current is intended to broaden the vision of senior decision makers US approach to cyber intelligence. Based on these in government and industry. Our goal with this paper is assessments, we believe further discussion on the following to set the landscape for cyber intelligence by discussing topics across industry, academia and government would why it is necessary and providing thoughts on how to be a prudent investment in the future security and reliability approach the development of this function in the cyber of the increasingly important cyber domain. These topics domain. While there is a great deal of focus on current include the need to: cyber security issues, there is little focus on defining and 1. Systematically define and establish effective cyber exploring the cyber threat environment at a higher level. intelligence approaches, enduring professions, and Its unique dynamics and impact on our economy and needed skill-sets/training/education and technologies national security are understudied. In this paper, we will focus primarily on defensive cyber activities. There is a 2. Enable the creation of cyber intelligence related rapidly increasing need to fully leverage cyber intelligence policies, approaches, and pilot efforts across industry, assets and capabilities on a national and global scale academia/non-profits, and government that provide to address this ubiquitous, diverse, and evolving group unclassified situational awareness, indications, of adversaries. There is also a need to clearly define an warning data, analytics, and 24/7 unclassified and emerging cyber intelligence discipline that can be quickly classified (as appropriate) reporting to government and transparently shared with appropriate private and agencies, trusted industry, and global partners. The Cyber Council believes these pilot efforts are the most foreign partners. relevant value–added recommendations for setting The Cyber Threat Dynamic can be broken into three the landscape for cyber intelligence provided by this components: paper. The Cyberspace Environment 3. Establish public-private partnership cyber outreach forums that address these issues/concerns in a The Cyber Threat comprehensive, practical, and executable fashion The Convergence of the Effects of the Cyberspace 4. Build a meaningful virtual partnership among all Environment and the Threat relevant agencies and the private sector to ensure The two overarching costs from the cyber threat dynamic seamless sharing of threat information, timely are losses due to adversarial activities and the expense analytical judgments, and reasoned, measured of providing and maintaining security. In cyberspace, responses to clear threats the low cost of entry and easy access creates an Ultimately, effective cyber intelligence will begin to asymmetric environment in which public and private enable predictive, strategic warning regarding cyber sector organizations incur a disproportionate cost to threat activities, mitigate risks associated with the threat, defend compared to the consequence of attack. While enhance our ability to assess the effects of cyber intrusion, quantifiable assessments of the net impact of cyber attacks and streamline cyber security into a more efficient and cost are difficult to discern, the cost is great enough to warrant effective process based on well informed decisions. the need for a cyber security apparatus supported by sophisticated cyber intelligence. INSA CYBER INTELLIGENCE WHITE PAPER | 3
INTRODUCTION: TODAY’S CYBER ENVIRONMENT D uring the 20th Century, the United States experienced tremendous economic and industrial growth as inventors, entrepreneurs, and The United States policy makers partnered to turn ideas into labor saving and life as a whole has enhancing technology. During this time period, government and industry yet to put in needed to collaborate in unprecedented ways in order to serve national interests and meet security requirements. place systemic approaches, Advances in information systems technology enabled collaboration among individuals and states regardless of location. Innovation accelerated, and tradecraft, benefits to the United States overshadowed concerns about how these technologies, new capabilities might be used for malicious purposes. These same breakthroughs gave unprincipled individuals, organizations, and nations and end-to-end a new range of tools with which to perpetrate theft, fraud, sabotage, solutions across and espionage. government, A reactive patchwork of technology and processes with the purpose of academia, developing a preplanned comprehensive approach to constructing and and industry. using the global network emerged to address the deficiencies created by what was viewed as a temporary fad by these “hackers” and other unsavory interlopers. Historically, government and industry often collaborated on key technological innovations, like nuclear power, to utilize efforts for the common good. Today, government agencies and industry often seem to pursue separate (perhaps counter-productive) policies, in lieu of cooperating effectively to address incoming threats to our local and global network domains. The government, as in other areas, has unique insights into the threat space but cannot seamlessly share these insights with the very industries that own and operate over 90 percent of the telecommunications’ infrastructure and operations. This is further exacerbated by the common misperception that these threats are technical and tactical level attacks best handled at the unit or individual domain level. This bifurcated approach has resulted in the loss of precious years while the cyber threat vectors and activity levels have grown exponentially. Furthermore, the United States as a whole has yet to put in place systemic approaches, tradecraft, technologies, and end-to-end solutions across government, academia, and industry. While there is a great deal of focus on current cyber security issues, there is very little focus on truly defining and exploring the cyber threat environment at a higher level, its unique dynamics, and the potential impact on our economy and national security. We need to fully leverage cyber intelligence assets and capabilities to address this ubiquitous, diverse and ever evolving category of adversaries. This white paper addresses the following dimensions of the cyber threat environment: I. The New Dimension: Cyber Threat Dynamics III. The Role of Intelligence in the Cyber Arena II. Impact of Current Levels of Cyber Attacks: IV. Areas for Further Discussion and Review The Economics 4 | Intelligence and National Security Alliance | www.insaonline.org
I. THE NEW DIMENSION: CYBER THREAT DYNAMICS E merging information systems technology enables the cyber arena to extend the conventional landscape to a virtual domain where key economic and national There is a rapidly security assets are subject to threats. The convergence of the cyberspace increasing need environment and threat vectors creates a complicated dynamic. to fully leverage The Cyber Threat Dynamic can be broken into three components: cyber intelligence 1. The Cyberspace Environment assets and 2. The Cyber Threat capabilities on 3. The Convergence of the Effects of the Cyberspace Environment and the Threat a national and global scale to 1. THE CYBERSPACE ENVIRONMENT clearly define Cyberspace has become a global commons that has enhanced interaction, information exchange, and productivity. However, it is also a haven for a broad the emerging range of disruptive operations, including sabotage, reconnaissance, theft, and cyber intelligence espionage. It serves as an environment that allows threats to deny, disrupt, degrade, discipline. or destroy hardware, software, and intellectual property. The Relevance of the “Information Super-Highway.” Although the Internet and highway system analogy may be a bit of a cliché, commerce is instructive when examining the cyberspace environment and the economic impact of cyber intrusions. Imagine if businesses in the United States could not use the interstate system to reliably transport goods. Similarly, in the early days of overseas commerce, ships would often be captured by pirates and bandits who would rob merchants with impunity and little penalty. During World War II, merchant convoys relied on military escorts, which in turn, relied on industry for supplies and innovations. This symbiotic partnership between industry and government was foundational to the economic growth of this nation and the world economy. Today 90 percent of all commerce takes place on the seas, mostly without incident. The Internet has assumed an analogous stature in its role in financial transactions and the exchange of information. Protecting this “super-highway” is a global imperative for the public, private, and academic sectors. A Multi-Dimensional Attack Space. The cyber environment, coupled with technology, has created a new multi-dimensional attack space. There is an interconnection between the spatial, physical, logical, and social layers through which the adversary moves with impunity. The complexity of this attack space means that investigators must understand the relationship between these layers and pinpoint the perpetrator’s origin and intent in order to gain attribution. With the convergence of computers and telecommunications networks, the defenders must look at this problem as a whole and then disaggregate into its parts. There is a merging of wired, wireless, and optical technologies (networks and RF). Whereas before enterprise networks might be viewed distinctly from hand- held devices or tactical radios, now the cyber network stretches from the enterprise network and its infrastructure to wireless devices being used at the tactical edge by the military, law enforcement, shoppers, or drivers using GPS-enabled devices. INSA CYBER INTELLIGENCE WHITE PAPER | 5
with each other. In most cases, laws have not kept pace with the technical ability of an adversary Ultimately, effective cyber intelligence will begin to move rapidly through national, to enable predictive, strategic warning regarding academic, commercial, and private internet service providers. cyber threat activities, mitigate risks associated The lexicon is especially confusing with the threat, enhance our ability to assess the because it remains immature. For example, there is no agreed effects of cyber attacks, and streamline cyber definition of what constitutes an security into a more efficient and cost effective attack on a nation or a breach process based on well informed decisions. of sovereignty. Often theft, espionage, reconnaissance, or even simple hacking is described as an attack. Contrary to physical domains and sciences, this The Consequences of Outsourcing. environment is truly a complex and dynamic cyber- The U.S. government has significantly outsourced ecosystem that demonstrates unexpected emergent significant portions of the design, implementation, behaviors every day. Similar to physics in the early and maintenance of Information Technology (IT) to 1800s, we are still in the early stages of understanding other countries, where our potential adversaries can cyber as a domain and its implications. Cyber easily insert themselves into our logistical chains. science, engineering, and domain are in their infancy, The United States and other developed countries and all are being driven at the speed of continuous have outsourced their IT development for economic technological development. Little is designed with the reasons, but the market is failing to account for the strategic vision to systematically mitigate threats; much reality of the increased security risk. The present is evolved in a tactical, reactive way. New versions situation is as dangerous as if the United States of exploits are launched globally every day, resulting decided to outsource the design of bridges, electrical in new vulnerabilities. Given this flaw of software and systems, there is no end in sight to the repetitive iterations of tactical attack and defense. The government has unique insights into the threat space but cannot seamlessly share these The Gap Between Law and the Threat. insights with the very industries that own and National and international laws, operate over 90% of the telecommunications’ regulations, and enforcement are still struggling to catch up to infrastructure and operations. cyber activities worldwide. Rules, protocols, and standards are few and disconnected, often conflicting 6 | Intelligence and National Security Alliance | www.insaonline.org
grids, and other physical infrastructure Attack Sophistication vs. Intruder Technical Knowledge g to the Soviet Union during the ounterfeit malicious counterfeit hardware High persistent malware infiltration email propagation of & persistent surveillance Cold War. In tandem with the “stealth”/advanced scanning malicious code adaptive, high-impact, techniques outsourcing of IT development, the sophisticated targeted attacks on command control systems critical infrastructures Average Intruder Knowledge targeted & control IT systems themselves are becoming widespread attacks using NNTP to distribute attack increase in supply-chain compromises coordinated increasingly complex. Increased worms cyber-physical attacks Attack Sophistication widespread attacks on system complexity means that there DNS infrastructure DDoS attacks massive botnets increase in targeted phishing & vishing are more exploitable vulnerabilities executable code attacks (against widespread attacks on automated browsers) anti-forensic techniques that arise by accident and more client-side software widespread attacks opportunities to hide deliberately GUI intruder home users targeted widespread attacks on web applications introduced vulnerabilities, while it tools distributed attack tools hijacking sessions becomes harder for the finite number increase in wide-scale Trojan horse distribution of trusted experts to check systems for Internet social engineering attacks widespread denial-of-service integrity. attacks techniques to analyze code for vulnerabilities Windows-based remote automated without source code controllable Trojans packet spoofing probes/scans (Back Orifice) 2. CYBER THREAT 1990 2010 Low The threats to our national security and economic interests in the cyber © 2011 Carnegie Mellon University 1 arena vary in identity, objectives, Figure 1: The Evolution of Attack Techniques/Technologies1 assets, and capabilities. Their range can stretch from disruption, to simple theft, to taking down critical property is not an uncommon practice among some infrastructure, to disrupting government functions. The national governments and state industries. Some advantage almost always lies with the threat. Ability and states use the Internet to conduct offensive operations intent of these actors become important distinctions to the as part of their doctrine. These operations include defender’s action. disrupting lines of communication and the target’s communications medium. This should be viewed as a Varying Profiles. new tool in the warfare toolbox—not unlike the advent Attackers do not need to be well educated nor well of armored or aerial warfare. resourced. They can come from any social cross section. They simply need to have intent and the ability to use No Boundaries to Geographic Location or Objectives. technology to perpetrate their activity. Below are a few There are no geographic boundaries in cyberspace. illustrations: Individual, group, and/or nation-state attackers can reside Age is irrelevant. Young teenagers in various countries anywhere. Objectives are similarly boundless. Attack have used the Internet to hack into Pentagon sites. motives vary from simple curiosity, personal vendettas, financial or intellectual property gain, and/or a desire to Criminals have created international gang activity harm an institution or state. Targets include individuals, using the Internet as their medium with drugs, groups, commercial interests, infrastructure, and nations. pornography, human trafficking, and financial gain among their activities. Criminals also sell capabilities Assets and Capabilities. and services to other criminals, groups, and even Offensive techniques and technologies have rapidly states. evolved over the past twenty years. Figure 1 illustrates the Terrorist groups are using the Internet to conduct their emergence of new and more sophisticated threat assets operations, recruit, and coordinate on a larger scale. and capabilities since 1990. This emergence is based on an improvement in attacker skill sets and more advanced Nation-states are using the Internet to conduct technology at their disposal. reconnaissance and espionage. Stealing intellectual INSA CYBER INTELLIGENCE WHITE PAPER | 7
3. THE CONVERGENCE OF THE EFFECTS OF THE Fostering an Asymmetric Cyber Threat. CYBERSPACE ENVIRONMENT AND THE THREAT The cyber domain encompasses a new and profound The heart of the cyber threat dynamic is where the effects dimension of asymmetric warfare. Historically, adversaries of the cyberspace environment and the threat meet. This of all types have chosen to take advantage of an opponent convergence has a multiplying effect on the vulnerabilities where and when he or she is weakest, especially if of cyber targets. the attacker is outmatched. Because of the attacker’s familiarity with the infrastructure, cyberspace offers an opportunity to extend the landscape to a virtual While there is a great deal of focus on current domain where both key economic and national security dynamics are cyber security issues, there is very little focus on truly at play. Individual, commercial, defining and exploring the cyber threat environment at national, and international activities a higher level, its unique dynamics, and the potential all work and socialize in this domain, increasing the space to impact on our economy and national security. attack and defend. In this domain, it is not necessary for a peer-on-peer relationship to be present, nor is it necessary for the Attacker’s Familiarity with the Cyber Infrastructure. attacker to be victorious. The lone individual, the criminal Attackers derive an advantage in preparing and executing group, or a developing country can be just as dangerous an attack from their familiarity with the hardware and as the well resourced and situated advanced player. The software the victim uses. The attacker can experiment and disadvantage lies with states and global commercial interests perfect an attack on the same commodity infrastructure his whose equities rely on the Internet and interconnectivity victim is likely to have. Part of the cost of using a cookie for national security and economic trade. While every cutter computing platform has been to give attackers nation is vulnerable, there are places that offer particularly the blueprints to our infrastructure. These blueprints, lucrative launch points for the hacker. Failed states enable combined with the complexity of the infrastructure that opportunities for hackers, as they do for criminals and gives them a place to hide, are all they need. The terrorists. These states are simply not resourced, or they software architecture is both intricately complex and are too corrupt to bring governance, law, or order to relatively inexpensive, resulting in economies of scale bear on the issue. There are other nations that tolerate that complicate cost metrics. We have taken advantage hackers within their borders so long as they are not the of this economic leverage to such a degree that virtually victim themselves. everyone has a clone of everyone else’s infrastructure. A cyber threat retains an advantage due to the inscrutable complexity of IT infrastructure but also to its ubiquity as an inexpensive commodity. Terry Roberts. Executive Director Interagency and Cyber, Carnegie Mellon, SEI Cyber Intelligence - Foundational to Cyber Mission Assurance. February 8, 2011 1 8 | Intelligence and National Security Alliance | www.insaonline.org
Exploiting the Current Defense Paradigm. As in other forms of asymmetric warfare, a perimeter defense is not effective. In Because of the attacker’s familiarity with the cyberspace, it is all the more challenging infrastructure, cyberspace offers an opportunity with the extra obstacles of time, technology, to extend the landscape to a virtual domain laws, and attribution, among others. Attackers continue to migrate from less where both key economic and national security sophisticated denial of service operations dynamics are at play. to very complex attacks. The Stuxnet attack on select networks that operate centrifuges in nuclear facilities provides an example. Attackers now assume legitimate identities as the speed of networks increases, it allows the to illegally procure intellectual property and conduct perpetrator to maintain the initiative. The hacker can other operations. Attackers also insert command and take full advantage of the speed of hardware, software, control code that lies in wait inside a victim’s network and communications technology upgrades to expedite until activated to conduct a pre-designated activity. his/her attack vectors. The defender is continuously in a They are increasingly able to manipulate the content game of catch-up. As the defender identifies new attacks of information in order to meet their objective and and implements new security measures under ever tighter influence the actions of the victim. All of these actions timelines, the attacker simply continues to outrun these can be easily perpetrated from locations thousands of measures. For example, some criminals now sell an instant miles away at a time of the perpetrator’s choosing with identification service of ongoing on-line transactions to chilling effect. customers who then are able to steal money in that same time space. Time Favors the Attacker. The dimension of time has changed the threat environment, Shared Threat and Shared Responsibility. favoring the attacker. Attacks from around the globe Today’s cyber threat dynamic is a shared threat among happen in seconds, transiting through multiple waypoints public, private, and government entities. This common that often mask their movement to the victim. The lack threat creates additional and unprecedented risks, of geographic boundaries permits optimized, virtual realities, and vulnerabilities. The attacker can use the routing to the destination. If the attacker is successful in same mechanism to strike multiple targets. Civilian breaching a network’s perimeter, the attacker can move “casualties” and collateral damage are very likely. For quickly, slowly, or lie dormant, depending on the nature example, attacks on critical infrastructure, like electricity, of the victim’s network and intruder’s intent. Additionally, can have second and third order effects on hospitals, emergency services, and other unintended victims. Cyber threats can breach touch-points between Cyber science, engineering, and domain are in their government unclassified and infancy, and all are being driven at the speed of classified systems. In the absence continuous technological development. Little is designed of a completely new Internet architecture, the public and with the strategic vision to systematically mitigate threats. private sectors are intrinsically linked, interdependent, and must collectively devise and adopt solutions to be effective. INSA CYBER INTELLIGENCE WHITE PAPER | 9
II. IMPACT OF CYBER ATTACKS AND COST OF CYBER SECURITY: THE ECONOMICS T he two overarching costs from the cyber threat dynamic are the losses due to an intrusion and the expense of providing and maintaining security. In the We are not cyber environment the low cost of entry and easy access creates an asymmetric effectively or environment for “piracy and plunder.” Anyone with a computer can be a pirate whether he or she is working for a state government or out of his/her garage. In comprehensively 2003 estimates of losses due to cyber attacks ranged from $13 billion to $226 collecting and billion.2 While these estimates are often challenged, the impact is certainly assessing key significant, and the key risks and costs we incur by not effectively addressing the breadth of threats to the cyber domain must be addressed. data points to tell us the cumulative AMBIGUOUS ESTIMATES OF ECONOMIC COSTS. impact and The first challenge we face is determining the quantifiable effects of cyber attacks cost of all of and security. The absence of accurate damage assessments is a critical shortcoming. Many researchers have published diverse estimates of the actual and potential our respective economic costs. Kshetri (2010) quotes an FBI/McAfee study as estimating US costs government and of cybercrime at $400 billion annually.3 Anderson (2010) estimates the potential losses from a successful cyber attack on the UK’s petroleum infrastructure to be on industry losses the order of hundreds of billions of dollars.4 of intellectual The impact on business, government, and individuals from cyber attacks has property and progressed significantly from distraction and moderate disruption to an inability to personal data. operate or communicate for days. Typically in commerce, the potential for dishonest interactions and financial losses has been coupled with the recognition that this could be quantified, managed, and included as a business cost. However, cyber disruptions are not always correlated to IP losses, financial theft, or IT sabotage. This clouds the impact and increases risk to businesses and governments. We have advanced beyond mere “acceptable levels of loss” to levels where effective ownership of an individual’s, company’s, or country’s finances, operations and intellectual property may be at stake. The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown. However, it is not yet clear that the business community understands or accepts this increase in risk. The bottom line is that we are not effectively or comprehensively collecting and assessing key data points to tell us this important story – the cumulative impact and cost of all of our respective government and industry losses of intellectual property and personal data. 2 www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf. 3 Kshetri 2010. 4 Anderson 2010. 10 | Intelligence and National Security Alliance | www.insaonline.org
CRITICAL INFRASTRUCTURE: A SECURITY IMPERATIVE. Critical infrastructure is at significant risk Today’s cyber threat dynamic is a shared threat to this form of warfare. Much of the world’s critical infrastructure, including in among public, private, and government entities. the energy, finance, and transportation sectors, was created and netted before the security imperative became in space, worst case attack or warfare scenarios at the apparent. Even if the infrastructure has modernized high end of conflict can mean the complete breakdown security features, it remains vulnerable to attackers who of daily life as we know it. Simulations of a weaponized find entry via legacy software that provides trap doors cyber attack against our global telecommunications into the larger, modernized network. executed against military and government systems, industry, and critical infrastructure portend the significant RISKS TO IDENTITY AND INFORMATION SECURITY. risk associated with our dependency on information age Legitimate IT users must constantly question whether the systems. At the mid-point of the threat spectrum, there equipment is leaking their information. Average users are are potential losses of trust in the decision, control, and becoming more aware that the first time they may know execution functionality we have come to associate with of exfiltration of their data is when they read it in the news modern precision engagement warfare. At the lower or when an adversary uses it against them. Today, users end of threat, ideas, data, and resources are stolen; must choose either to keep their information “off the grid” functionality is hacked; service is denied; and privacy or to take an unquantifiable risk that it will end up in the and civil liberties are violated. Our lives and institutions wrong hands. The cost of losing proprietary or personal can generally be disrupted, probed, and exposed. information must be constantly considered alongside the opportunity cost of sequestering information from our Impacts and risks our society faces based upon today’s networked IT infrastructure. Likely, it is the most innovative, incoming cyber threats include: sensitive, or insightful (and thus useful) information that has This the greatest need for legitimate, but controlled, sharing. could result in “the release of sensitive or classified Unfortunately, this information is often either over-controlled government information; the disruption of critical or too easily accessible. This continuous set of choices information; and the undermining of agency is very real and costly in time, technology, management, missions.”5 This fundamentally threatens our and bureaucracy. national security. Our THE THREAT STAKES ARE HIGH AND EVER INCREASING IN nation’s prosperity depends on assured and highly THE CYBER DOMAIN. performing information systems. The reliance of stock At the high end of the threat spectrum, national survival markets and financial institutions on the Internet and could potentially be at stake in the most extreme associated networks, as well as the operational circumstances. Our dependencies on net-centricity, IT requirements for command and control by our and telecommunications, and the related microelectronics diplomatic, military, and intelligence organizations and paths that facilitate information age processes have identify our digital infrastructure as a critical national become vulnerabilities for virtually all modern states. Using security asset. The President has pledged to make the broadest definition of “cyber” as part of information this infrastructure “secure, trustworthy, and resilient.”6 operations, including both the kinetic (e.g. EMP) and Cyber threats expose this infrastructure to significant risk. non-kinetic threats to our modern decision and control processes, and by adding our increasing vulnerabilities 5 Montalbano 2010. 6 Goldsmith 2010. INSA CYBER INTELLIGENCE WHITE PAPER | 11
Increased Vulnerability to Our Critical Infrastructure. We continue to push initiatives The reliance of stock markets and financial for deeper integration of information systems institutions on the Internet and associated of all sorts (e.g., energy “smart grid,” networks... identify our digital infrastructure medical records, and air-traffic control) with the Internet.7 This integration is driven as a critical national security asset. by powerful economic incentives on the part of both business and government.8 This integration creates the possibility of a approaches cannot keep up. Examples include distributing multiplier effect of cyber attacks. “up-to-date” malware signatures when much of today’s Short-Term Goals Versus Long-Term Vision of Cyber malware presents a unique signature for every infection; Security. In the early days of the Information Age, searching for an “optimal” operating system security government and industry reaped the benefits of configuration and then replicating it in a monoculture productivity and economic gain associated with IT across a large network; conducting thousands of hours and the Internet. However, they have probably not of “extensive” testing that covers only a small fraction of sufficiently invested in properly securing these critical a system’s total space; and imposing new programming infrastructures. We will experience long-term costs if paradigms in the mistaken belief that they can eradicate these systems are disrupted or incapacitated. Security vulnerabilities from software. vulnerabilities in information technology represent a market externality because the costs from insecurity INEFFICIENCIES OF THE CYBER ARMS RACE. are either not borne by the party best able to address them (PC industry, cell phones) or do not fully represent Attempting to secure our systems under current cyber the cost to society (critical infrastructure)9. Economic practices is a costly, ineffective, and never-ending incentives of industry are aligned against sharing of struggle. We must avoid an offensive-defensive cyber information about security threats and actual security “arms race” which consumes extensive resources, yet fails incidents.10 As an example of one kind of disincentive, to produce an enduring or definitive outcome. At best, the share price of companies reporting a significant adversaries struggle for strategic parity, with one ending cyber breach fell an average of 1 - 5 percent.11 up bankrupt and all having little to show for it. At worst, an adversary conceives of the problem from a different A REACTIVE AND COST INTENSIVE APPROACH. perspective (unbeknownst to us), and we are blindsided through technological surprise. Significant time and resources are spent in cumulative attempts to address the latest threat vector and to improve We need to systematically collect key metrics on all of cyber security. Federal Information Security Market, the above activity levels from government and industry so 2010-2015, indicates that demand for vendor-furnished that the real impact is known and the top risks identified information security products and services by the U.S. can become the priority for resolution. The irony of federal government will increase from $8.6 billion in reporting the impact of a cyber breach is that reporting 2010 to $13.3 billion in 2015 at a compound annual also puts the company or government agency “on report” growth rate (CAGR) of 9.1 percent. to all. Therefore, this key data should be collected by a not-for-profit, trusted third party, and the trends and the These huge government expenditures result in only cumulative impacts should be shared with all in a non- momentary benefit because the threat vectors are moving attributable manner. at the speed of technology, and our current, reactive 7 Goldsmith 2010. 8 Anderson 2010. 9 Anderson 2010. 10 Anderson 2010. 11 Cashell 2004. 12 | Intelligence and National Security Alliance | www.insaonline.org
III. THE ROLE OF INTELLIGENCE IN THE CYBER ARENA T he previous two sections have addressed the cyber threat dynamic and the impact of cyber attacks and security. As in any form of security, intelligence Effective cyber is a key component of tactical and strategic decision-making. Effective cyber intelligence will intelligence will enhance our ability to assess the effects of cyber attacks (a critical shortcoming identified in the previous section), mitigate risks associated with the enhance our threat, and streamline cyber security into an efficient and cost-effective process ability to assess based on well informed decisions. the effects of DEFINING THE THREAT INTELLIGENCE MISSION (A PHILOSOPHICAL TUTORIAL). cyber attacks, The role of intelligence in any capacity is to collect, analyze, and produce mitigate risks information to provide complete, accurate, timely, and relevant threat assessments to associated with inform decision makers who act on the information. It is usually most effective when it is disseminated at the lowest possible classification level for the maximum number the threat, and of relevant users facing these threats. In performing this mission, the intelligence streamline cyber agencies seek to penetrate actual or potential threat targets consistent with national security into an strategic, operational, and tactical priorities. These agencies then seek to produce intelligence on adversary or threat capabilities and intentions in a manner that efficient and “connects” with the maximum number of relevant customers. cost effective process based THE ROLE OF THREAT INTELLIGENCE PROCESSES TO DRIVE ACTIONS. Intelligence and threat analysis does not exist for its own purposes. When threat on well informed details are suppressed or ignored, national security incurs significant consequences. decisions. It is important to sustain a high level of performance in the dynamic cyber arena. This environment is where threats develop rapidly and are fueled by new concepts for the use of pervasive IT. New waves of innovative capabilities seem to break over users in tsunami fashion, be it the coming cloud architectures or the continuing revolution in personal devices connected to the networks. Given this relentless and constantly unfolding environment, intelligence might be successful in keeping pace with technological innovation. Conversely, it might be slow, or even wrong in its assessments of the threat dynamic. It is therefore important to evaluate public and private cyber intelligence activities that support these security missions in a strategic manner. THE “CYBER INTELLIGENCE COMMUNITY.” This unique, currently ad hoc, community is made up of government, telecommunication and internet providers, CERTs, and other formal information security entities, specialty companies, and vendors. The members of this community engage in a myriad of activities that could be the potential victim of a cyber threat. This “Cyber Intelligence Community” is currently an informal coalition of the willing that collects and analyzes unclassified and classified cyber intelligence data and trends. There is no formal mechanism across industry and government cyber intelligence entities that successfully collects, processes, and analyzes all identifiable key cyber threat behavior and reports it at an unclassified or reasonable classification level to all appropriate customers. An effective connection between intelligence provider and the customer means that the customer has understood and internalized the intelligence resulting in action to work the intelligence and mitigate the threat. Good intelligence professionals relentlessly INSA CYBER INTELLIGENCE WHITE PAPER | 13
pursue interactions with The “Cyber Intelligence Community” is currently an informal customers to ensure that: the data is collected, coalition of the willing that collects and analyzes unclassified analyzed, and conveyed; and classified cyber intelligence data and trends. the intelligence serves customers’ purposes; and some action is being Human Intelligence (HUMINT), Open Source Intelligence taken (or deliberately (OSINT), Geospatial and Measurement Intelligence not taken). This cycle can be referred to as a constant (GEOINT), and the volumes of unclassified network data process of story-finding, story-telling, story-updating, story- and behavior being watched by global CERTs. Continuous listening, and story-heeding. A concept to institutionalize liaison among all related parties is critical so that sharing this ad hoc community is currently missing. is seamless. This ensures an evolving, improved level of insight and reporting to an increasingly secure and highly CYBER CONFLICT DOES NOT EXIST IN A VACUUM. performing cyber environment for all. The Joint Chiefs of Staff Pub 1 (unclassified) definition of Information Warfare integrates Electronic Warfare/Attack, This evolving cyber intelligence tradecraft requires deep Computer Network Operations (for Offense, Defense, and powerful technical and analytic expertise at all levels. and Exploit), Military Information Support Operations Such technical talent and related capabilities remain (MISO) (previously psychological operations), operational ill-defined and in short supply across government and deception, and operational security. These operations industry. An institution that has made some headway in can be kinetic and/or non-kinetic. There are adjacent this regard is the Information Assurance Directorate (IAD) definitions for Strategic Communications, Space-related at the National Security Agency. IAD is the front line missions, Covert Action, etc. When these missions are of the defensive cyber mission. It commands substantial successfully integrated together by a capable adversary resources, high performing talent, strong processes, in time and space to create the maximum effects, the and informed outreach. It also works hand in hand with results can be devastating. The cyber arena has these military, public, and private partners to ensure that our universal adjacencies and overlapping considerations cyber capabilities and intellectual property are defended which intelligence managers must take into account for and that our defense is informing offense and vice versa. offensive planning and execution, as well as in building IAD is a good start, but we must emulate their good and operating defensive resilience and response. practices and innovativeness in defining professional attributes, associated education, and training goals for INVESTING IN CYBER INTELLIGENCE TRADECRAFT, the unique career fields associated with the cyber realm. SKILL SETS, AND CAPABILITIES. The vast majority of the dangerous activity occurs A substantial and continuing investment in cyber within the .com domain (as opposed to the .gov or .mil intelligence should be a strategic imperative in the domains) and over 90 percent of the threat data and information age. It is also imperative to use that analytics are unclassified. Therefore, as a nation, we intelligence to safe guard our ability to maintain security. have systematically relegated the identification, tracking, We must ensure that stable domestic and international and reporting of this threat to the network operations economies are not jeopardized by possible conflict with arena and IT professionals without the inclusion of the rival powers, rogue states, failing or failed states, modern invaluable expertise and the analytic tradecraft of the terrorists and thieves, and WMD proliferators. All formal U.S. Intelligence Community. and informal intelligence disciplines contribute to these imperatives, including Signals Intelligence (SIGINT), 14 | Intelligence and National Security Alliance | www.insaonline.org
IV. AREAS FOR FURTHER DISCUSSION AND REVIEW O ur national ability in the area of cyber intelligence remains unclear. There is evidence that we are collecting effectively in this complex area. There is As a nation, sound open source evidence that we are acquiring significant cyber and we have information warfare capabilities. Unfortunately, as a nation, we remain exposed and vulnerable to focused cyber threats. The uncertainty associated with this situation systematically raises many questions including: relegated the Does the rush to play in the capability and profit arenas of Information Age markets identification, simultaneously drive us to a potential abyss, by causing us to ignore, play down, tracking, and over-classify, or restrict the inconvenient cyber truths required to have information reporting of security and assurance concurrently? this threat to Are our innovative endeavors so focused on markets and functionality that we the network cannot simultaneously innovate to some low, medium, and high levels of information security and overall hardening in the process? operations arena and IT Has intelligence done a sufficient job of informing the community and public on cyber threats writ large? professionals One can infer the answer to these questions is negative since there is a universal without the clamor in many concerned public and private quarters that more needs to be done inclusion of to distribute timely threat data, situational awareness and warning. This needs to the invaluable be data that has specific details, not just data at a high level. The U.S. military has been so overwhelmingly superior globally against niche adversaries who threaten in expertise and certain dimensions that we have not had to face the comprehensive specter of real the analytic cyber warfare. Literature has been full of stories of looming or developed threats tradecraft of the which, under the worst circumstances, can have grave implications for defense and national critical infrastructure in terms of conflict and crisis functionality. U.S. Intelligence Community. Virtually the entire U.S. Intelligence Community (working with extended partners) is involved to one degree or another in cyber threat matters. The means exist, albeit often at the classified levels, to collect, analyze and produce estimative and fact based data on both an in-depth research analysis basis or as current intelligence. Some organizations like NSA, CIA, DIA, DHS and the military services are more involved than others. However, the actual handling and security classifications of threat information are pervasive problems in disseminating cyber intelligence. New ways need to be found to clear those who need to know, quickly sanitize the INSA CYBER INTELLIGENCE WHITE PAPER | 15
data, or not classify information to maximize the widespread and detailed effectiveness. We must consider a national intelligence consortium Classification should only be or federation and defined public-private partnership used when there is a requirement concepts, which could implement an effective continuous to protect sources and methods or as it relates to our own attack capability of collecting, organizing, analyzing, or exploit means. We need to disseminating and leveraging threat intelligence. develop sharing concepts on both threats and solutions, so that every effort is expended to disseminate the details to federal, state, local, tribal, private, and key intelligence. This cannot be left to the formal U.S. defense foreign partners. and intelligence communities alone because their equities exist on narrower national security lines. Additionally, the DEALING WITH LARGE-SCALE, COMPLEX NATION-STATE OR U.S. government has only a limited role in developing the current family of digital age software, hardware, MARKETPLACE PROBLEMS. and global telecommunication networks being used or Organizing for success is the key, and it should be designed for the future. underpinned with strong governance to drive and/ or track results. Overall, we must consider a national intelligence consortium or federation and defined public- IDENTIFYING THE CUSTOMERS. Assuming we will optimize the creation and dissemination private partnership concepts, which could implement an of cyber intelligence at every appropriate level, we need effective continuous capability of collecting, organizing, analyzing, disseminating and leveraging threat to understand the customer set for threat intelligence. This is a key question because if there are to be strong connections between government and industry partners, we must define, understand, and We need to develop sharing concepts on both threats establish their respective roles and solutions, so that every effort is expended to and alignments to create a cyber disseminate the details to federal, state, local, tribal, intelligence consortium analyzing and reporting current threats and private, and key foreign partners. serving customers. 16 | Intelligence and National Security Alliance
CONCLUSIONS. In response to the preceding Overall, we must consider a national intelligence paragraphs, we make the following consortium or federation and defined public-private suggestions across industry, partnership concepts, which could implement academia and government. an effective continuous capability of collecting, 1. Continue to promote discussion, organizing, analyzing, disseminating and debate, and action on systematically defining and leveraging threat intelligence. establishing effective cyber intelligence approaches, enduring professions, needed skill-sets/training/education and technologies: Identify the specific technical means utilized or planned for cyber attack operations in deep Development of strategies (beyond current “patch technical detail to include supply chain issues, and pray” processes), policies, doctrines, legal paths to be exploited, nature and character of frameworks, and overall global context for cyber deployed infections, systems/product weakness, intelligence matters effects, and anticipated planned or ongoing adjacent activities Increase global business, diplomatic and other forms of engagement, which should discuss Maintain detailed cyber situational awareness potential ways to create more stability and mutual writ large security in the cyber arena in order to reduce the potential for cyber conflict, theft, sabotage, and Participate in the rapid control and release espionage of cyber means in order to ensure a viable intelligence gain and loss awareness Support development of deterrence, dissuasion, and other high level concepts and measures for Identify what criminal activities are ongoing or maintaining peace and stability at all levels of have already happened in cyber networks, do conflict and crisis formal damage assessments in these areas, and support development of improved defenses Define cyber intelligence professions, needed skillsets, training, and education for both industry Partner on research and development in the and government needs challenging areas of attack attribution, warning, damage assessment, and space related threat 2. Enable the creation of cyber intelligence related collection and analysis polices, approaches, and pilot efforts across Organize and support counter-intelligence and industry, academia/non-profits, and government counter-espionage (CI/CE) activities, with special that provide unclassified situational awareness and focus on identifying/using auditing tools and indications and warning data, analytics and 24/7 processes to deal with the insider threats unclassified and classified (as appropriate) reporting to government agencies, trusted industry, and global Create a consistent and meaningful approach for partners: the cyber equivalent of Battle Damage Assessment (BDA)/Combat Effectiveness Assessment Corporately define specific activities, plans, and intentions of adversaries; continuously identify current and emerging threat vectors, and support our plans and intentions INSA CYBER INTELLIGENCE WHITE PAPER | 17
3. Establish public-private partnership cyber outreach forums that address these areas We believe there is an urgent need to better define and in a comprehensive, practical, and executable fashion. These develop cyber intelligence as a new discipline in the forums can take the form of IC. Such a discipline will also demand discussion of commissions that study the the unique training, education, skill sets, and tradecraft demand for cyber intelligence and value added to that will be required to successfully conduct meaningful cyber security. collection and analysis in the cyber domain. 4. The dilemma that exists in the current cyber intelligence apparatus is that DHS has the authority but lacks the We believe there is an urgent need to better define experience and capabilities to orchestrate a and develop cyber intelligence as a new discipline in comprehensive approach to cyber intelligence. the IC. Such a discipline will also demand discussion of DoD has much of the actual cyber intelligence the unique training, education, skill sets, and tradecraft capabilities, and private industry owns most of the that will be required to successfully conduct meaningful infrastructure. Ultimately, INSA’s Cyber Council collection and analysis in the cyber domain. These and would like to see a meaningful partnership among all related topics, such as the role of cyber intelligence in relevant government agencies and the private sector other aspects of cyber operations and who is best suited to ensure seamless sharing of threat information, to develop this discipline, will be the subject of further timely analytical judgments, and reasoned, discussion and white papers by the INSA Cyber Council. measured responses to clear threats. As stated earlier, there is clearly a great deal of focus on cyber security issues. Hardly a day goes by without some news of a major hacker attack on government and industry information infrastructure or reports of a significant security breach. The economic and national security ramifications are apparent. Our ability to truly define, explore and analyze this cyber threat environment in a thoughtful, methodical manner at a reasonable level of classification is not yet well developed. 18 | Intelligence and National Security Alliance | www.insaonline.org
ABOUT INSA INSA is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions. As a non-profit, non-partisan, public- private organization, INSA’s ultimate goal is to promote and recognize the highest standards within the national security and intelligence communities. INSA has over 150 corporate members and several hundred individual members who are leaders and senior executives throughout government, the private sector and academia.
SUPPORTING ADVANCES IN THE NATIONAL SECURITY AGENDA 901 North Stuart Street, Suite 205, Arlington, VA 22203 (703) 224-4672 | www.insaonline.org

Empfohlen

Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
Narus Cyber 3.0 Position Paper
Narus Cyber 3.0 Position PaperNarus Cyber 3.0 Position Paper
Narus Cyber 3.0 Position PaperTrobough
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286Udaysharma3
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatIBM Government
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryWilliam Beer
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Opportunities and Challenges in Crisis Informatics
Opportunities and Challenges in Crisis InformaticsOpportunities and Challenges in Crisis Informatics
Opportunities and Challenges in Crisis InformaticsLea Shanley
 

Empfohlen

Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
Narus Cyber 3.0 Position Paper
Narus Cyber 3.0 Position PaperNarus Cyber 3.0 Position Paper
Narus Cyber 3.0 Position PaperTrobough
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286Udaysharma3
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatIBM Government
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryWilliam Beer
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Opportunities and Challenges in Crisis Informatics
Opportunities and Challenges in Crisis InformaticsOpportunities and Challenges in Crisis Informatics
Opportunities and Challenges in Crisis InformaticsLea Shanley
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCDavid Sweigert
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of warMark Johnson
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationMark Johnson
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
Cyber Influence Operations
Cyber Influence OperationsCyber Influence Operations
Cyber Influence OperationsPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformationSaraJayneTerp
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemAustin Eppstein
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012Sharmin Ahammad
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckJarno Limnéll
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of DisinformationSara-Jayne Terp
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
D372326.pdf
D372326.pdfD372326.pdf
D372326.pdfajmrdjournals
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochureEhab El Barbary
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageSara-Jayne Terp
 
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...CODE BLUE
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCDavid Sweigert
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of warMark Johnson
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationMark Johnson
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformationSaraJayneTerp
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemAustin Eppstein
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012Sharmin Ahammad
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckJarno Limnéll
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of DisinformationSara-Jayne Terp
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageSara-Jayne Terp
 
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...CODE BLUE
 

Was ist angesagt? (20)

Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
 
Cyber Influence Operations
Cyber Influence OperationsCyber Influence Operations
Cyber Influence Operations
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radar
 
Darktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystemDarktrace_WhitePaper_EnterpriseImmuneSystem
Darktrace_WhitePaper_EnterpriseImmuneSystem
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality Check
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of Disinformation
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 
D372326.pdf
D372326.pdfD372326.pdf
D372326.pdf
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochure
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of age
 
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
 

Ähnlich wie Insa cyber intelligence_2011-1

Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Dhs cybersecurity-roadmap
Dhs cybersecurity-roadmapDhs cybersecurity-roadmap
Dhs cybersecurity-roadmapAjay Ohri
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...DaveNjoga1
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and ChallengesInformation Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)Santosh Khadsare
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Security
 
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaGCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
 
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...ssuser793b4e
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
D20110714cyber
D20110714cyberD20110714cyber
D20110714cybernitay123
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Silvia Cardona
 
Cyber terrorism.. sir summar
Cyber terrorism.. sir summarCyber terrorism.. sir summar
Cyber terrorism.. sir summarmanailmalik
 
Ikeepsafe Cyber Safety, Ethics and Security Competencies
Ikeepsafe Cyber Safety, Ethics and Security CompetenciesIkeepsafe Cyber Safety, Ethics and Security Competencies
Ikeepsafe Cyber Safety, Ethics and Security CompetenciesJohn Macasio
 

Ähnlich wie Insa cyber intelligence_2011-1 (20)

Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Dhs cybersecurity-roadmap
Dhs cybersecurity-roadmapDhs cybersecurity-roadmap
Dhs cybersecurity-roadmap
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
The Vigilant Enterprise
The Vigilant EnterpriseThe Vigilant Enterprise
The Vigilant Enterprise
 
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and ChallengesInformation Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack Continuum
 
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaGCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
 
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
DoD Cyber Strategy
DoD Cyber StrategyDoD Cyber Strategy
DoD Cyber Strategy
 
D20110714cyber
D20110714cyberD20110714cyber
D20110714cyber
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
Cyber terrorism.. sir summar
Cyber terrorism.. sir summarCyber terrorism.. sir summar
Cyber terrorism.. sir summar
 
Ikeepsafe Cyber Safety, Ethics and Security Competencies
Ikeepsafe Cyber Safety, Ethics and Security CompetenciesIkeepsafe Cyber Safety, Ethics and Security Competencies
Ikeepsafe Cyber Safety, Ethics and Security Competencies
 

Mehr von TechBiz Forense Digital

10 atributos que o seu firewall precisa ter
10 atributos que o seu firewall precisa ter10 atributos que o seu firewall precisa ter
10 atributos que o seu firewall precisa terTechBiz Forense Digital
 
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...TechBiz Forense Digital
 
Ata srp 015 2010 v1 - marinha - netwitness
Ata srp 015 2010 v1 - marinha - netwitnessAta srp 015 2010 v1 - marinha - netwitness
Ata srp 015 2010 v1 - marinha - netwitnessTechBiz Forense Digital
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
Artigo velasquez (combate a crimes digitais)
Artigo velasquez (combate a crimes digitais)Artigo velasquez (combate a crimes digitais)
Artigo velasquez (combate a crimes digitais)TechBiz Forense Digital
 
C:\Fakepath-6 09 10 Financial Fraud Webinar
C:\Fakepath-6 09 10 Financial Fraud WebinarC:\Fakepath-6 09 10 Financial Fraud Webinar
C:\Fakepath-6 09 10 Financial Fraud WebinarTechBiz Forense Digital
 

Mehr von TechBiz Forense Digital (20)

Casos de sucesso
Casos de sucessoCasos de sucesso
Casos de sucesso
 
Cases forense[2]
Cases forense[2]Cases forense[2]
Cases forense[2]
 
Cnasi sp apresentação marcelo souza
Cnasi sp apresentação marcelo souzaCnasi sp apresentação marcelo souza
Cnasi sp apresentação marcelo souza
 
10 atributos que o seu firewall precisa ter
10 atributos que o seu firewall precisa ter10 atributos que o seu firewall precisa ter
10 atributos que o seu firewall precisa ter
 
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...
En case cybersecurity automating incident response-bhagtani-5-22-2012 [compat...
 
Apresentação SegInfo
Apresentação SegInfoApresentação SegInfo
Apresentação SegInfo
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Palantir
PalantirPalantir
Palantir
 
Online fraud report_0611[1]
Online fraud report_0611[1]Online fraud report_0611[1]
Online fraud report_0611[1]
 
Ata srp 015 2010 v1 - marinha - netwitness
Ata srp 015 2010 v1 - marinha - netwitnessAta srp 015 2010 v1 - marinha - netwitness
Ata srp 015 2010 v1 - marinha - netwitness
 
Road Show - Arcsight ETRM
Road Show - Arcsight ETRMRoad Show - Arcsight ETRM
Road Show - Arcsight ETRM
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
Access data
Access dataAccess data
Access data
 
01 11- alexandre atheniense
01 11- alexandre atheniense01 11- alexandre atheniense
01 11- alexandre atheniense
 
16 03 - institucional
16 03 - institucional16 03 - institucional
16 03 - institucional
 
Artigo velasquez (combate a crimes digitais)
Artigo velasquez (combate a crimes digitais)Artigo velasquez (combate a crimes digitais)
Artigo velasquez (combate a crimes digitais)
 
C:\Fakepath-6 09 10 Financial Fraud Webinar
C:\Fakepath-6 09 10 Financial Fraud WebinarC:\Fakepath-6 09 10 Financial Fraud Webinar
C:\Fakepath-6 09 10 Financial Fraud Webinar
 

Kürzlich hochgeladen

Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 

Kürzlich hochgeladen (20)

Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 

Insa cyber intelligence_2011-1

  • 1. ...setting the landscape for an emerging discipline... INTELLIGENCE AND NATIONAL SECURITY ALLIANCE CYBER INTELLIGENCE: SETTING THE LANDSCAPE FOR AN EMERGING DISCIPLINE SEPTEMBER 2011
  • 2. ACKNOWLEDGEMENTS INSA CHAIRWOMAN Frances Fragos Townsend INSA STAFF Ellen McCarthy, INSA President Chuck Alsup, INSA Vice President for Policy Jay Fox, INSA Senior Research Intern CYBER INTELLIGENCE TASK FORCE EDITING TEAM Terry Roberts, Executive Director, Interagency & Cyber, CMU/SEI Bill Studeman, Independent Consultant CYBER INTELLIGENCE TASK FORCE WRITING TEAM Barbara Fast, Vice President, CGI Michael Johnson, Senior Scientist/Computer Security Researcher, Sandia National Laboratories Dick Schaeffer, Riverbank Associates, LLC EDITORIAL REVIEW Joseph M. Mazzafro, Oracle National Security Group INSA SUPPORTS A HEALTHY PLANET INSA White Papers are printed on recycled paper that is 50% recycled content including 25% post consumer waste.
  • 3. EXECUTIVE SUMMARY E volving information systems technology has turned the cyber arena into a multi-dimensional attack space that extends the conventional landscape to a virtual domain where key economic and national security assets are exposed to significant threats. Individual, commercial, national, and international activities interact in this domain, increasing the space for offensive and defensive operations. Cyberspace is a haven for a broad range of disruptive operations, including reconnaissance, theft, sabotage, and espionage. It serves as an environment that allows threats to target hardware, software, financial assets, intellectual property, and individual identities. This paper is the first in a series developed by the Intelligence This paper assesses the cyber threat dynamic, economic and National Security Alliance’s (INSA) Cyber Council. It costs of cyber attacks and security, as well as the current is intended to broaden the vision of senior decision makers US approach to cyber intelligence. Based on these in government and industry. Our goal with this paper is assessments, we believe further discussion on the following to set the landscape for cyber intelligence by discussing topics across industry, academia and government would why it is necessary and providing thoughts on how to be a prudent investment in the future security and reliability approach the development of this function in the cyber of the increasingly important cyber domain. These topics domain. While there is a great deal of focus on current include the need to: cyber security issues, there is little focus on defining and 1. Systematically define and establish effective cyber exploring the cyber threat environment at a higher level. intelligence approaches, enduring professions, and Its unique dynamics and impact on our economy and needed skill-sets/training/education and technologies national security are understudied. In this paper, we will focus primarily on defensive cyber activities. There is a 2. Enable the creation of cyber intelligence related rapidly increasing need to fully leverage cyber intelligence policies, approaches, and pilot efforts across industry, assets and capabilities on a national and global scale academia/non-profits, and government that provide to address this ubiquitous, diverse, and evolving group unclassified situational awareness, indications, of adversaries. There is also a need to clearly define an warning data, analytics, and 24/7 unclassified and emerging cyber intelligence discipline that can be quickly classified (as appropriate) reporting to government and transparently shared with appropriate private and agencies, trusted industry, and global partners. The Cyber Council believes these pilot efforts are the most foreign partners. relevant value–added recommendations for setting The Cyber Threat Dynamic can be broken into three the landscape for cyber intelligence provided by this components: paper. The Cyberspace Environment 3. Establish public-private partnership cyber outreach forums that address these issues/concerns in a The Cyber Threat comprehensive, practical, and executable fashion The Convergence of the Effects of the Cyberspace 4. Build a meaningful virtual partnership among all Environment and the Threat relevant agencies and the private sector to ensure The two overarching costs from the cyber threat dynamic seamless sharing of threat information, timely are losses due to adversarial activities and the expense analytical judgments, and reasoned, measured of providing and maintaining security. In cyberspace, responses to clear threats the low cost of entry and easy access creates an Ultimately, effective cyber intelligence will begin to asymmetric environment in which public and private enable predictive, strategic warning regarding cyber sector organizations incur a disproportionate cost to threat activities, mitigate risks associated with the threat, defend compared to the consequence of attack. While enhance our ability to assess the effects of cyber intrusion, quantifiable assessments of the net impact of cyber attacks and streamline cyber security into a more efficient and cost are difficult to discern, the cost is great enough to warrant effective process based on well informed decisions. the need for a cyber security apparatus supported by sophisticated cyber intelligence. INSA CYBER INTELLIGENCE WHITE PAPER | 3
  • 4. INTRODUCTION: TODAY’S CYBER ENVIRONMENT D uring the 20th Century, the United States experienced tremendous economic and industrial growth as inventors, entrepreneurs, and The United States policy makers partnered to turn ideas into labor saving and life as a whole has enhancing technology. During this time period, government and industry yet to put in needed to collaborate in unprecedented ways in order to serve national interests and meet security requirements. place systemic approaches, Advances in information systems technology enabled collaboration among individuals and states regardless of location. Innovation accelerated, and tradecraft, benefits to the United States overshadowed concerns about how these technologies, new capabilities might be used for malicious purposes. These same breakthroughs gave unprincipled individuals, organizations, and nations and end-to-end a new range of tools with which to perpetrate theft, fraud, sabotage, solutions across and espionage. government, A reactive patchwork of technology and processes with the purpose of academia, developing a preplanned comprehensive approach to constructing and and industry. using the global network emerged to address the deficiencies created by what was viewed as a temporary fad by these “hackers” and other unsavory interlopers. Historically, government and industry often collaborated on key technological innovations, like nuclear power, to utilize efforts for the common good. Today, government agencies and industry often seem to pursue separate (perhaps counter-productive) policies, in lieu of cooperating effectively to address incoming threats to our local and global network domains. The government, as in other areas, has unique insights into the threat space but cannot seamlessly share these insights with the very industries that own and operate over 90 percent of the telecommunications’ infrastructure and operations. This is further exacerbated by the common misperception that these threats are technical and tactical level attacks best handled at the unit or individual domain level. This bifurcated approach has resulted in the loss of precious years while the cyber threat vectors and activity levels have grown exponentially. Furthermore, the United States as a whole has yet to put in place systemic approaches, tradecraft, technologies, and end-to-end solutions across government, academia, and industry. While there is a great deal of focus on current cyber security issues, there is very little focus on truly defining and exploring the cyber threat environment at a higher level, its unique dynamics, and the potential impact on our economy and national security. We need to fully leverage cyber intelligence assets and capabilities to address this ubiquitous, diverse and ever evolving category of adversaries. This white paper addresses the following dimensions of the cyber threat environment: I. The New Dimension: Cyber Threat Dynamics III. The Role of Intelligence in the Cyber Arena II. Impact of Current Levels of Cyber Attacks: IV. Areas for Further Discussion and Review The Economics 4 | Intelligence and National Security Alliance | www.insaonline.org
  • 5. I. THE NEW DIMENSION: CYBER THREAT DYNAMICS E merging information systems technology enables the cyber arena to extend the conventional landscape to a virtual domain where key economic and national There is a rapidly security assets are subject to threats. The convergence of the cyberspace increasing need environment and threat vectors creates a complicated dynamic. to fully leverage The Cyber Threat Dynamic can be broken into three components: cyber intelligence 1. The Cyberspace Environment assets and 2. The Cyber Threat capabilities on 3. The Convergence of the Effects of the Cyberspace Environment and the Threat a national and global scale to 1. THE CYBERSPACE ENVIRONMENT clearly define Cyberspace has become a global commons that has enhanced interaction, information exchange, and productivity. However, it is also a haven for a broad the emerging range of disruptive operations, including sabotage, reconnaissance, theft, and cyber intelligence espionage. It serves as an environment that allows threats to deny, disrupt, degrade, discipline. or destroy hardware, software, and intellectual property. The Relevance of the “Information Super-Highway.” Although the Internet and highway system analogy may be a bit of a cliché, commerce is instructive when examining the cyberspace environment and the economic impact of cyber intrusions. Imagine if businesses in the United States could not use the interstate system to reliably transport goods. Similarly, in the early days of overseas commerce, ships would often be captured by pirates and bandits who would rob merchants with impunity and little penalty. During World War II, merchant convoys relied on military escorts, which in turn, relied on industry for supplies and innovations. This symbiotic partnership between industry and government was foundational to the economic growth of this nation and the world economy. Today 90 percent of all commerce takes place on the seas, mostly without incident. The Internet has assumed an analogous stature in its role in financial transactions and the exchange of information. Protecting this “super-highway” is a global imperative for the public, private, and academic sectors. A Multi-Dimensional Attack Space. The cyber environment, coupled with technology, has created a new multi-dimensional attack space. There is an interconnection between the spatial, physical, logical, and social layers through which the adversary moves with impunity. The complexity of this attack space means that investigators must understand the relationship between these layers and pinpoint the perpetrator’s origin and intent in order to gain attribution. With the convergence of computers and telecommunications networks, the defenders must look at this problem as a whole and then disaggregate into its parts. There is a merging of wired, wireless, and optical technologies (networks and RF). Whereas before enterprise networks might be viewed distinctly from hand- held devices or tactical radios, now the cyber network stretches from the enterprise network and its infrastructure to wireless devices being used at the tactical edge by the military, law enforcement, shoppers, or drivers using GPS-enabled devices. INSA CYBER INTELLIGENCE WHITE PAPER | 5
  • 6. with each other. In most cases, laws have not kept pace with the technical ability of an adversary Ultimately, effective cyber intelligence will begin to move rapidly through national, to enable predictive, strategic warning regarding academic, commercial, and private internet service providers. cyber threat activities, mitigate risks associated The lexicon is especially confusing with the threat, enhance our ability to assess the because it remains immature. For example, there is no agreed effects of cyber attacks, and streamline cyber definition of what constitutes an security into a more efficient and cost effective attack on a nation or a breach process based on well informed decisions. of sovereignty. Often theft, espionage, reconnaissance, or even simple hacking is described as an attack. Contrary to physical domains and sciences, this The Consequences of Outsourcing. environment is truly a complex and dynamic cyber- The U.S. government has significantly outsourced ecosystem that demonstrates unexpected emergent significant portions of the design, implementation, behaviors every day. Similar to physics in the early and maintenance of Information Technology (IT) to 1800s, we are still in the early stages of understanding other countries, where our potential adversaries can cyber as a domain and its implications. Cyber easily insert themselves into our logistical chains. science, engineering, and domain are in their infancy, The United States and other developed countries and all are being driven at the speed of continuous have outsourced their IT development for economic technological development. Little is designed with the reasons, but the market is failing to account for the strategic vision to systematically mitigate threats; much reality of the increased security risk. The present is evolved in a tactical, reactive way. New versions situation is as dangerous as if the United States of exploits are launched globally every day, resulting decided to outsource the design of bridges, electrical in new vulnerabilities. Given this flaw of software and systems, there is no end in sight to the repetitive iterations of tactical attack and defense. The government has unique insights into the threat space but cannot seamlessly share these The Gap Between Law and the Threat. insights with the very industries that own and National and international laws, operate over 90% of the telecommunications’ regulations, and enforcement are still struggling to catch up to infrastructure and operations. cyber activities worldwide. Rules, protocols, and standards are few and disconnected, often conflicting 6 | Intelligence and National Security Alliance | www.insaonline.org
  • 7. grids, and other physical infrastructure Attack Sophistication vs. Intruder Technical Knowledge g to the Soviet Union during the ounterfeit malicious counterfeit hardware High persistent malware infiltration email propagation of & persistent surveillance Cold War. In tandem with the “stealth”/advanced scanning malicious code adaptive, high-impact, techniques outsourcing of IT development, the sophisticated targeted attacks on command control systems critical infrastructures Average Intruder Knowledge targeted & control IT systems themselves are becoming widespread attacks using NNTP to distribute attack increase in supply-chain compromises coordinated increasingly complex. Increased worms cyber-physical attacks Attack Sophistication widespread attacks on system complexity means that there DNS infrastructure DDoS attacks massive botnets increase in targeted phishing & vishing are more exploitable vulnerabilities executable code attacks (against widespread attacks on automated browsers) anti-forensic techniques that arise by accident and more client-side software widespread attacks opportunities to hide deliberately GUI intruder home users targeted widespread attacks on web applications introduced vulnerabilities, while it tools distributed attack tools hijacking sessions becomes harder for the finite number increase in wide-scale Trojan horse distribution of trusted experts to check systems for Internet social engineering attacks widespread denial-of-service integrity. attacks techniques to analyze code for vulnerabilities Windows-based remote automated without source code controllable Trojans packet spoofing probes/scans (Back Orifice) 2. CYBER THREAT 1990 2010 Low The threats to our national security and economic interests in the cyber © 2011 Carnegie Mellon University 1 arena vary in identity, objectives, Figure 1: The Evolution of Attack Techniques/Technologies1 assets, and capabilities. Their range can stretch from disruption, to simple theft, to taking down critical property is not an uncommon practice among some infrastructure, to disrupting government functions. The national governments and state industries. Some advantage almost always lies with the threat. Ability and states use the Internet to conduct offensive operations intent of these actors become important distinctions to the as part of their doctrine. These operations include defender’s action. disrupting lines of communication and the target’s communications medium. This should be viewed as a Varying Profiles. new tool in the warfare toolbox—not unlike the advent Attackers do not need to be well educated nor well of armored or aerial warfare. resourced. They can come from any social cross section. They simply need to have intent and the ability to use No Boundaries to Geographic Location or Objectives. technology to perpetrate their activity. Below are a few There are no geographic boundaries in cyberspace. illustrations: Individual, group, and/or nation-state attackers can reside Age is irrelevant. Young teenagers in various countries anywhere. Objectives are similarly boundless. Attack have used the Internet to hack into Pentagon sites. motives vary from simple curiosity, personal vendettas, financial or intellectual property gain, and/or a desire to Criminals have created international gang activity harm an institution or state. Targets include individuals, using the Internet as their medium with drugs, groups, commercial interests, infrastructure, and nations. pornography, human trafficking, and financial gain among their activities. Criminals also sell capabilities Assets and Capabilities. and services to other criminals, groups, and even Offensive techniques and technologies have rapidly states. evolved over the past twenty years. Figure 1 illustrates the Terrorist groups are using the Internet to conduct their emergence of new and more sophisticated threat assets operations, recruit, and coordinate on a larger scale. and capabilities since 1990. This emergence is based on an improvement in attacker skill sets and more advanced Nation-states are using the Internet to conduct technology at their disposal. reconnaissance and espionage. Stealing intellectual INSA CYBER INTELLIGENCE WHITE PAPER | 7
  • 8. 3. THE CONVERGENCE OF THE EFFECTS OF THE Fostering an Asymmetric Cyber Threat. CYBERSPACE ENVIRONMENT AND THE THREAT The cyber domain encompasses a new and profound The heart of the cyber threat dynamic is where the effects dimension of asymmetric warfare. Historically, adversaries of the cyberspace environment and the threat meet. This of all types have chosen to take advantage of an opponent convergence has a multiplying effect on the vulnerabilities where and when he or she is weakest, especially if of cyber targets. the attacker is outmatched. Because of the attacker’s familiarity with the infrastructure, cyberspace offers an opportunity to extend the landscape to a virtual While there is a great deal of focus on current domain where both key economic and national security dynamics are cyber security issues, there is very little focus on truly at play. Individual, commercial, defining and exploring the cyber threat environment at national, and international activities a higher level, its unique dynamics, and the potential all work and socialize in this domain, increasing the space to impact on our economy and national security. attack and defend. In this domain, it is not necessary for a peer-on-peer relationship to be present, nor is it necessary for the Attacker’s Familiarity with the Cyber Infrastructure. attacker to be victorious. The lone individual, the criminal Attackers derive an advantage in preparing and executing group, or a developing country can be just as dangerous an attack from their familiarity with the hardware and as the well resourced and situated advanced player. The software the victim uses. The attacker can experiment and disadvantage lies with states and global commercial interests perfect an attack on the same commodity infrastructure his whose equities rely on the Internet and interconnectivity victim is likely to have. Part of the cost of using a cookie for national security and economic trade. While every cutter computing platform has been to give attackers nation is vulnerable, there are places that offer particularly the blueprints to our infrastructure. These blueprints, lucrative launch points for the hacker. Failed states enable combined with the complexity of the infrastructure that opportunities for hackers, as they do for criminals and gives them a place to hide, are all they need. The terrorists. These states are simply not resourced, or they software architecture is both intricately complex and are too corrupt to bring governance, law, or order to relatively inexpensive, resulting in economies of scale bear on the issue. There are other nations that tolerate that complicate cost metrics. We have taken advantage hackers within their borders so long as they are not the of this economic leverage to such a degree that virtually victim themselves. everyone has a clone of everyone else’s infrastructure. A cyber threat retains an advantage due to the inscrutable complexity of IT infrastructure but also to its ubiquity as an inexpensive commodity. Terry Roberts. Executive Director Interagency and Cyber, Carnegie Mellon, SEI Cyber Intelligence - Foundational to Cyber Mission Assurance. February 8, 2011 1 8 | Intelligence and National Security Alliance | www.insaonline.org
  • 9. Exploiting the Current Defense Paradigm. As in other forms of asymmetric warfare, a perimeter defense is not effective. In Because of the attacker’s familiarity with the cyberspace, it is all the more challenging infrastructure, cyberspace offers an opportunity with the extra obstacles of time, technology, to extend the landscape to a virtual domain laws, and attribution, among others. Attackers continue to migrate from less where both key economic and national security sophisticated denial of service operations dynamics are at play. to very complex attacks. The Stuxnet attack on select networks that operate centrifuges in nuclear facilities provides an example. Attackers now assume legitimate identities as the speed of networks increases, it allows the to illegally procure intellectual property and conduct perpetrator to maintain the initiative. The hacker can other operations. Attackers also insert command and take full advantage of the speed of hardware, software, control code that lies in wait inside a victim’s network and communications technology upgrades to expedite until activated to conduct a pre-designated activity. his/her attack vectors. The defender is continuously in a They are increasingly able to manipulate the content game of catch-up. As the defender identifies new attacks of information in order to meet their objective and and implements new security measures under ever tighter influence the actions of the victim. All of these actions timelines, the attacker simply continues to outrun these can be easily perpetrated from locations thousands of measures. For example, some criminals now sell an instant miles away at a time of the perpetrator’s choosing with identification service of ongoing on-line transactions to chilling effect. customers who then are able to steal money in that same time space. Time Favors the Attacker. The dimension of time has changed the threat environment, Shared Threat and Shared Responsibility. favoring the attacker. Attacks from around the globe Today’s cyber threat dynamic is a shared threat among happen in seconds, transiting through multiple waypoints public, private, and government entities. This common that often mask their movement to the victim. The lack threat creates additional and unprecedented risks, of geographic boundaries permits optimized, virtual realities, and vulnerabilities. The attacker can use the routing to the destination. If the attacker is successful in same mechanism to strike multiple targets. Civilian breaching a network’s perimeter, the attacker can move “casualties” and collateral damage are very likely. For quickly, slowly, or lie dormant, depending on the nature example, attacks on critical infrastructure, like electricity, of the victim’s network and intruder’s intent. Additionally, can have second and third order effects on hospitals, emergency services, and other unintended victims. Cyber threats can breach touch-points between Cyber science, engineering, and domain are in their government unclassified and infancy, and all are being driven at the speed of classified systems. In the absence continuous technological development. Little is designed of a completely new Internet architecture, the public and with the strategic vision to systematically mitigate threats. private sectors are intrinsically linked, interdependent, and must collectively devise and adopt solutions to be effective. INSA CYBER INTELLIGENCE WHITE PAPER | 9
  • 10. II. IMPACT OF CYBER ATTACKS AND COST OF CYBER SECURITY: THE ECONOMICS T he two overarching costs from the cyber threat dynamic are the losses due to an intrusion and the expense of providing and maintaining security. In the We are not cyber environment the low cost of entry and easy access creates an asymmetric effectively or environment for “piracy and plunder.” Anyone with a computer can be a pirate whether he or she is working for a state government or out of his/her garage. In comprehensively 2003 estimates of losses due to cyber attacks ranged from $13 billion to $226 collecting and billion.2 While these estimates are often challenged, the impact is certainly assessing key significant, and the key risks and costs we incur by not effectively addressing the breadth of threats to the cyber domain must be addressed. data points to tell us the cumulative AMBIGUOUS ESTIMATES OF ECONOMIC COSTS. impact and The first challenge we face is determining the quantifiable effects of cyber attacks cost of all of and security. The absence of accurate damage assessments is a critical shortcoming. Many researchers have published diverse estimates of the actual and potential our respective economic costs. Kshetri (2010) quotes an FBI/McAfee study as estimating US costs government and of cybercrime at $400 billion annually.3 Anderson (2010) estimates the potential losses from a successful cyber attack on the UK’s petroleum infrastructure to be on industry losses the order of hundreds of billions of dollars.4 of intellectual The impact on business, government, and individuals from cyber attacks has property and progressed significantly from distraction and moderate disruption to an inability to personal data. operate or communicate for days. Typically in commerce, the potential for dishonest interactions and financial losses has been coupled with the recognition that this could be quantified, managed, and included as a business cost. However, cyber disruptions are not always correlated to IP losses, financial theft, or IT sabotage. This clouds the impact and increases risk to businesses and governments. We have advanced beyond mere “acceptable levels of loss” to levels where effective ownership of an individual’s, company’s, or country’s finances, operations and intellectual property may be at stake. The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown. However, it is not yet clear that the business community understands or accepts this increase in risk. The bottom line is that we are not effectively or comprehensively collecting and assessing key data points to tell us this important story – the cumulative impact and cost of all of our respective government and industry losses of intellectual property and personal data. 2 www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf. 3 Kshetri 2010. 4 Anderson 2010. 10 | Intelligence and National Security Alliance | www.insaonline.org
  • 11. CRITICAL INFRASTRUCTURE: A SECURITY IMPERATIVE. Critical infrastructure is at significant risk Today’s cyber threat dynamic is a shared threat to this form of warfare. Much of the world’s critical infrastructure, including in among public, private, and government entities. the energy, finance, and transportation sectors, was created and netted before the security imperative became in space, worst case attack or warfare scenarios at the apparent. Even if the infrastructure has modernized high end of conflict can mean the complete breakdown security features, it remains vulnerable to attackers who of daily life as we know it. Simulations of a weaponized find entry via legacy software that provides trap doors cyber attack against our global telecommunications into the larger, modernized network. executed against military and government systems, industry, and critical infrastructure portend the significant RISKS TO IDENTITY AND INFORMATION SECURITY. risk associated with our dependency on information age Legitimate IT users must constantly question whether the systems. At the mid-point of the threat spectrum, there equipment is leaking their information. Average users are are potential losses of trust in the decision, control, and becoming more aware that the first time they may know execution functionality we have come to associate with of exfiltration of their data is when they read it in the news modern precision engagement warfare. At the lower or when an adversary uses it against them. Today, users end of threat, ideas, data, and resources are stolen; must choose either to keep their information “off the grid” functionality is hacked; service is denied; and privacy or to take an unquantifiable risk that it will end up in the and civil liberties are violated. Our lives and institutions wrong hands. The cost of losing proprietary or personal can generally be disrupted, probed, and exposed. information must be constantly considered alongside the opportunity cost of sequestering information from our Impacts and risks our society faces based upon today’s networked IT infrastructure. Likely, it is the most innovative, incoming cyber threats include: sensitive, or insightful (and thus useful) information that has This the greatest need for legitimate, but controlled, sharing. could result in “the release of sensitive or classified Unfortunately, this information is often either over-controlled government information; the disruption of critical or too easily accessible. This continuous set of choices information; and the undermining of agency is very real and costly in time, technology, management, missions.”5 This fundamentally threatens our and bureaucracy. national security. Our THE THREAT STAKES ARE HIGH AND EVER INCREASING IN nation’s prosperity depends on assured and highly THE CYBER DOMAIN. performing information systems. The reliance of stock At the high end of the threat spectrum, national survival markets and financial institutions on the Internet and could potentially be at stake in the most extreme associated networks, as well as the operational circumstances. Our dependencies on net-centricity, IT requirements for command and control by our and telecommunications, and the related microelectronics diplomatic, military, and intelligence organizations and paths that facilitate information age processes have identify our digital infrastructure as a critical national become vulnerabilities for virtually all modern states. Using security asset. The President has pledged to make the broadest definition of “cyber” as part of information this infrastructure “secure, trustworthy, and resilient.”6 operations, including both the kinetic (e.g. EMP) and Cyber threats expose this infrastructure to significant risk. non-kinetic threats to our modern decision and control processes, and by adding our increasing vulnerabilities 5 Montalbano 2010. 6 Goldsmith 2010. INSA CYBER INTELLIGENCE WHITE PAPER | 11
  • 12. Increased Vulnerability to Our Critical Infrastructure. We continue to push initiatives The reliance of stock markets and financial for deeper integration of information systems institutions on the Internet and associated of all sorts (e.g., energy “smart grid,” networks... identify our digital infrastructure medical records, and air-traffic control) with the Internet.7 This integration is driven as a critical national security asset. by powerful economic incentives on the part of both business and government.8 This integration creates the possibility of a approaches cannot keep up. Examples include distributing multiplier effect of cyber attacks. “up-to-date” malware signatures when much of today’s Short-Term Goals Versus Long-Term Vision of Cyber malware presents a unique signature for every infection; Security. In the early days of the Information Age, searching for an “optimal” operating system security government and industry reaped the benefits of configuration and then replicating it in a monoculture productivity and economic gain associated with IT across a large network; conducting thousands of hours and the Internet. However, they have probably not of “extensive” testing that covers only a small fraction of sufficiently invested in properly securing these critical a system’s total space; and imposing new programming infrastructures. We will experience long-term costs if paradigms in the mistaken belief that they can eradicate these systems are disrupted or incapacitated. Security vulnerabilities from software. vulnerabilities in information technology represent a market externality because the costs from insecurity INEFFICIENCIES OF THE CYBER ARMS RACE. are either not borne by the party best able to address them (PC industry, cell phones) or do not fully represent Attempting to secure our systems under current cyber the cost to society (critical infrastructure)9. Economic practices is a costly, ineffective, and never-ending incentives of industry are aligned against sharing of struggle. We must avoid an offensive-defensive cyber information about security threats and actual security “arms race” which consumes extensive resources, yet fails incidents.10 As an example of one kind of disincentive, to produce an enduring or definitive outcome. At best, the share price of companies reporting a significant adversaries struggle for strategic parity, with one ending cyber breach fell an average of 1 - 5 percent.11 up bankrupt and all having little to show for it. At worst, an adversary conceives of the problem from a different A REACTIVE AND COST INTENSIVE APPROACH. perspective (unbeknownst to us), and we are blindsided through technological surprise. Significant time and resources are spent in cumulative attempts to address the latest threat vector and to improve We need to systematically collect key metrics on all of cyber security. Federal Information Security Market, the above activity levels from government and industry so 2010-2015, indicates that demand for vendor-furnished that the real impact is known and the top risks identified information security products and services by the U.S. can become the priority for resolution. The irony of federal government will increase from $8.6 billion in reporting the impact of a cyber breach is that reporting 2010 to $13.3 billion in 2015 at a compound annual also puts the company or government agency “on report” growth rate (CAGR) of 9.1 percent. to all. Therefore, this key data should be collected by a not-for-profit, trusted third party, and the trends and the These huge government expenditures result in only cumulative impacts should be shared with all in a non- momentary benefit because the threat vectors are moving attributable manner. at the speed of technology, and our current, reactive 7 Goldsmith 2010. 8 Anderson 2010. 9 Anderson 2010. 10 Anderson 2010. 11 Cashell 2004. 12 | Intelligence and National Security Alliance | www.insaonline.org
  • 13. III. THE ROLE OF INTELLIGENCE IN THE CYBER ARENA T he previous two sections have addressed the cyber threat dynamic and the impact of cyber attacks and security. As in any form of security, intelligence Effective cyber is a key component of tactical and strategic decision-making. Effective cyber intelligence will intelligence will enhance our ability to assess the effects of cyber attacks (a critical shortcoming identified in the previous section), mitigate risks associated with the enhance our threat, and streamline cyber security into an efficient and cost-effective process ability to assess based on well informed decisions. the effects of DEFINING THE THREAT INTELLIGENCE MISSION (A PHILOSOPHICAL TUTORIAL). cyber attacks, The role of intelligence in any capacity is to collect, analyze, and produce mitigate risks information to provide complete, accurate, timely, and relevant threat assessments to associated with inform decision makers who act on the information. It is usually most effective when it is disseminated at the lowest possible classification level for the maximum number the threat, and of relevant users facing these threats. In performing this mission, the intelligence streamline cyber agencies seek to penetrate actual or potential threat targets consistent with national security into an strategic, operational, and tactical priorities. These agencies then seek to produce intelligence on adversary or threat capabilities and intentions in a manner that efficient and “connects” with the maximum number of relevant customers. cost effective process based THE ROLE OF THREAT INTELLIGENCE PROCESSES TO DRIVE ACTIONS. Intelligence and threat analysis does not exist for its own purposes. When threat on well informed details are suppressed or ignored, national security incurs significant consequences. decisions. It is important to sustain a high level of performance in the dynamic cyber arena. This environment is where threats develop rapidly and are fueled by new concepts for the use of pervasive IT. New waves of innovative capabilities seem to break over users in tsunami fashion, be it the coming cloud architectures or the continuing revolution in personal devices connected to the networks. Given this relentless and constantly unfolding environment, intelligence might be successful in keeping pace with technological innovation. Conversely, it might be slow, or even wrong in its assessments of the threat dynamic. It is therefore important to evaluate public and private cyber intelligence activities that support these security missions in a strategic manner. THE “CYBER INTELLIGENCE COMMUNITY.” This unique, currently ad hoc, community is made up of government, telecommunication and internet providers, CERTs, and other formal information security entities, specialty companies, and vendors. The members of this community engage in a myriad of activities that could be the potential victim of a cyber threat. This “Cyber Intelligence Community” is currently an informal coalition of the willing that collects and analyzes unclassified and classified cyber intelligence data and trends. There is no formal mechanism across industry and government cyber intelligence entities that successfully collects, processes, and analyzes all identifiable key cyber threat behavior and reports it at an unclassified or reasonable classification level to all appropriate customers. An effective connection between intelligence provider and the customer means that the customer has understood and internalized the intelligence resulting in action to work the intelligence and mitigate the threat. Good intelligence professionals relentlessly INSA CYBER INTELLIGENCE WHITE PAPER | 13
  • 14. pursue interactions with The “Cyber Intelligence Community” is currently an informal customers to ensure that: the data is collected, coalition of the willing that collects and analyzes unclassified analyzed, and conveyed; and classified cyber intelligence data and trends. the intelligence serves customers’ purposes; and some action is being Human Intelligence (HUMINT), Open Source Intelligence taken (or deliberately (OSINT), Geospatial and Measurement Intelligence not taken). This cycle can be referred to as a constant (GEOINT), and the volumes of unclassified network data process of story-finding, story-telling, story-updating, story- and behavior being watched by global CERTs. Continuous listening, and story-heeding. A concept to institutionalize liaison among all related parties is critical so that sharing this ad hoc community is currently missing. is seamless. This ensures an evolving, improved level of insight and reporting to an increasingly secure and highly CYBER CONFLICT DOES NOT EXIST IN A VACUUM. performing cyber environment for all. The Joint Chiefs of Staff Pub 1 (unclassified) definition of Information Warfare integrates Electronic Warfare/Attack, This evolving cyber intelligence tradecraft requires deep Computer Network Operations (for Offense, Defense, and powerful technical and analytic expertise at all levels. and Exploit), Military Information Support Operations Such technical talent and related capabilities remain (MISO) (previously psychological operations), operational ill-defined and in short supply across government and deception, and operational security. These operations industry. An institution that has made some headway in can be kinetic and/or non-kinetic. There are adjacent this regard is the Information Assurance Directorate (IAD) definitions for Strategic Communications, Space-related at the National Security Agency. IAD is the front line missions, Covert Action, etc. When these missions are of the defensive cyber mission. It commands substantial successfully integrated together by a capable adversary resources, high performing talent, strong processes, in time and space to create the maximum effects, the and informed outreach. It also works hand in hand with results can be devastating. The cyber arena has these military, public, and private partners to ensure that our universal adjacencies and overlapping considerations cyber capabilities and intellectual property are defended which intelligence managers must take into account for and that our defense is informing offense and vice versa. offensive planning and execution, as well as in building IAD is a good start, but we must emulate their good and operating defensive resilience and response. practices and innovativeness in defining professional attributes, associated education, and training goals for INVESTING IN CYBER INTELLIGENCE TRADECRAFT, the unique career fields associated with the cyber realm. SKILL SETS, AND CAPABILITIES. The vast majority of the dangerous activity occurs A substantial and continuing investment in cyber within the .com domain (as opposed to the .gov or .mil intelligence should be a strategic imperative in the domains) and over 90 percent of the threat data and information age. It is also imperative to use that analytics are unclassified. Therefore, as a nation, we intelligence to safe guard our ability to maintain security. have systematically relegated the identification, tracking, We must ensure that stable domestic and international and reporting of this threat to the network operations economies are not jeopardized by possible conflict with arena and IT professionals without the inclusion of the rival powers, rogue states, failing or failed states, modern invaluable expertise and the analytic tradecraft of the terrorists and thieves, and WMD proliferators. All formal U.S. Intelligence Community. and informal intelligence disciplines contribute to these imperatives, including Signals Intelligence (SIGINT), 14 | Intelligence and National Security Alliance | www.insaonline.org
  • 15. IV. AREAS FOR FURTHER DISCUSSION AND REVIEW O ur national ability in the area of cyber intelligence remains unclear. There is evidence that we are collecting effectively in this complex area. There is As a nation, sound open source evidence that we are acquiring significant cyber and we have information warfare capabilities. Unfortunately, as a nation, we remain exposed and vulnerable to focused cyber threats. The uncertainty associated with this situation systematically raises many questions including: relegated the Does the rush to play in the capability and profit arenas of Information Age markets identification, simultaneously drive us to a potential abyss, by causing us to ignore, play down, tracking, and over-classify, or restrict the inconvenient cyber truths required to have information reporting of security and assurance concurrently? this threat to Are our innovative endeavors so focused on markets and functionality that we the network cannot simultaneously innovate to some low, medium, and high levels of information security and overall hardening in the process? operations arena and IT Has intelligence done a sufficient job of informing the community and public on cyber threats writ large? professionals One can infer the answer to these questions is negative since there is a universal without the clamor in many concerned public and private quarters that more needs to be done inclusion of to distribute timely threat data, situational awareness and warning. This needs to the invaluable be data that has specific details, not just data at a high level. The U.S. military has been so overwhelmingly superior globally against niche adversaries who threaten in expertise and certain dimensions that we have not had to face the comprehensive specter of real the analytic cyber warfare. Literature has been full of stories of looming or developed threats tradecraft of the which, under the worst circumstances, can have grave implications for defense and national critical infrastructure in terms of conflict and crisis functionality. U.S. Intelligence Community. Virtually the entire U.S. Intelligence Community (working with extended partners) is involved to one degree or another in cyber threat matters. The means exist, albeit often at the classified levels, to collect, analyze and produce estimative and fact based data on both an in-depth research analysis basis or as current intelligence. Some organizations like NSA, CIA, DIA, DHS and the military services are more involved than others. However, the actual handling and security classifications of threat information are pervasive problems in disseminating cyber intelligence. New ways need to be found to clear those who need to know, quickly sanitize the INSA CYBER INTELLIGENCE WHITE PAPER | 15
  • 16. data, or not classify information to maximize the widespread and detailed effectiveness. We must consider a national intelligence consortium Classification should only be or federation and defined public-private partnership used when there is a requirement concepts, which could implement an effective continuous to protect sources and methods or as it relates to our own attack capability of collecting, organizing, analyzing, or exploit means. We need to disseminating and leveraging threat intelligence. develop sharing concepts on both threats and solutions, so that every effort is expended to disseminate the details to federal, state, local, tribal, private, and key intelligence. This cannot be left to the formal U.S. defense foreign partners. and intelligence communities alone because their equities exist on narrower national security lines. Additionally, the DEALING WITH LARGE-SCALE, COMPLEX NATION-STATE OR U.S. government has only a limited role in developing the current family of digital age software, hardware, MARKETPLACE PROBLEMS. and global telecommunication networks being used or Organizing for success is the key, and it should be designed for the future. underpinned with strong governance to drive and/ or track results. Overall, we must consider a national intelligence consortium or federation and defined public- IDENTIFYING THE CUSTOMERS. Assuming we will optimize the creation and dissemination private partnership concepts, which could implement an of cyber intelligence at every appropriate level, we need effective continuous capability of collecting, organizing, analyzing, disseminating and leveraging threat to understand the customer set for threat intelligence. This is a key question because if there are to be strong connections between government and industry partners, we must define, understand, and We need to develop sharing concepts on both threats establish their respective roles and solutions, so that every effort is expended to and alignments to create a cyber disseminate the details to federal, state, local, tribal, intelligence consortium analyzing and reporting current threats and private, and key foreign partners. serving customers. 16 | Intelligence and National Security Alliance
  • 17. CONCLUSIONS. In response to the preceding Overall, we must consider a national intelligence paragraphs, we make the following consortium or federation and defined public-private suggestions across industry, partnership concepts, which could implement academia and government. an effective continuous capability of collecting, 1. Continue to promote discussion, organizing, analyzing, disseminating and debate, and action on systematically defining and leveraging threat intelligence. establishing effective cyber intelligence approaches, enduring professions, needed skill-sets/training/education and technologies: Identify the specific technical means utilized or planned for cyber attack operations in deep Development of strategies (beyond current “patch technical detail to include supply chain issues, and pray” processes), policies, doctrines, legal paths to be exploited, nature and character of frameworks, and overall global context for cyber deployed infections, systems/product weakness, intelligence matters effects, and anticipated planned or ongoing adjacent activities Increase global business, diplomatic and other forms of engagement, which should discuss Maintain detailed cyber situational awareness potential ways to create more stability and mutual writ large security in the cyber arena in order to reduce the potential for cyber conflict, theft, sabotage, and Participate in the rapid control and release espionage of cyber means in order to ensure a viable intelligence gain and loss awareness Support development of deterrence, dissuasion, and other high level concepts and measures for Identify what criminal activities are ongoing or maintaining peace and stability at all levels of have already happened in cyber networks, do conflict and crisis formal damage assessments in these areas, and support development of improved defenses Define cyber intelligence professions, needed skillsets, training, and education for both industry Partner on research and development in the and government needs challenging areas of attack attribution, warning, damage assessment, and space related threat 2. Enable the creation of cyber intelligence related collection and analysis polices, approaches, and pilot efforts across Organize and support counter-intelligence and industry, academia/non-profits, and government counter-espionage (CI/CE) activities, with special that provide unclassified situational awareness and focus on identifying/using auditing tools and indications and warning data, analytics and 24/7 processes to deal with the insider threats unclassified and classified (as appropriate) reporting to government agencies, trusted industry, and global Create a consistent and meaningful approach for partners: the cyber equivalent of Battle Damage Assessment (BDA)/Combat Effectiveness Assessment Corporately define specific activities, plans, and intentions of adversaries; continuously identify current and emerging threat vectors, and support our plans and intentions INSA CYBER INTELLIGENCE WHITE PAPER | 17
  • 18. 3. Establish public-private partnership cyber outreach forums that address these areas We believe there is an urgent need to better define and in a comprehensive, practical, and executable fashion. These develop cyber intelligence as a new discipline in the forums can take the form of IC. Such a discipline will also demand discussion of commissions that study the the unique training, education, skill sets, and tradecraft demand for cyber intelligence and value added to that will be required to successfully conduct meaningful cyber security. collection and analysis in the cyber domain. 4. The dilemma that exists in the current cyber intelligence apparatus is that DHS has the authority but lacks the We believe there is an urgent need to better define experience and capabilities to orchestrate a and develop cyber intelligence as a new discipline in comprehensive approach to cyber intelligence. the IC. Such a discipline will also demand discussion of DoD has much of the actual cyber intelligence the unique training, education, skill sets, and tradecraft capabilities, and private industry owns most of the that will be required to successfully conduct meaningful infrastructure. Ultimately, INSA’s Cyber Council collection and analysis in the cyber domain. These and would like to see a meaningful partnership among all related topics, such as the role of cyber intelligence in relevant government agencies and the private sector other aspects of cyber operations and who is best suited to ensure seamless sharing of threat information, to develop this discipline, will be the subject of further timely analytical judgments, and reasoned, discussion and white papers by the INSA Cyber Council. measured responses to clear threats. As stated earlier, there is clearly a great deal of focus on cyber security issues. Hardly a day goes by without some news of a major hacker attack on government and industry information infrastructure or reports of a significant security breach. The economic and national security ramifications are apparent. Our ability to truly define, explore and analyze this cyber threat environment in a thoughtful, methodical manner at a reasonable level of classification is not yet well developed. 18 | Intelligence and National Security Alliance | www.insaonline.org
  • 19. ABOUT INSA INSA is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions. As a non-profit, non-partisan, public- private organization, INSA’s ultimate goal is to promote and recognize the highest standards within the national security and intelligence communities. INSA has over 150 corporate members and several hundred individual members who are leaders and senior executives throughout government, the private sector and academia.
  • 20. SUPPORTING ADVANCES IN THE NATIONAL SECURITY AGENDA 901 North Stuart Street, Suite 205, Arlington, VA 22203 (703) 224-4672 | www.insaonline.org